Distributed ledgers or blockchains, provided for example in a peer-to-peer network such as the distributed ledger used in the Bitcoin cryptocurrency system, allow participants on the peer-to-peer network to share data in a distributed manner without the need for a central authority.
A public key infrastructure (PKI) may rely on digital certificates in order to identify parties operating in a system, and to enable encrypted secure communication between parties. For example, digital certificates are used to identify web sites, and to enable clients to connect and download web pages over a secure connection, using secure sockets layer (SSL) or transport layer security (TLS) cryptographic protocols.
In order to trust the digital certificates, a root certificate may sign other certificates, providing the other certificates with validity. A PKI thus relies on a trust in the root certificate.
In a centralized system an issue of establishing the trust is overcome by faith in a central authority, which owns the root certificate. The policies and processes a provider uses to decide which certificate authorities their software should trust are called root programs.
A centralized system operator may also be responsible for a distribution of valid certificates, and for maintaining a public register of certificates issued and revoked.
However, centralized systems and centralized root programs have a number of problems. The central authority may have the ability to arbitrarily issue and revoke certificates. Furthermore, central authorities usually charge for their services, resulting in higher costs for users of the system.
Furthermore, IoT devices may be lightweight devices in terms of memory and power consumption, with limited network connectivity. A current solution is to generate a certificate for each IoT device in the chip factory and pre-load the certificate onto the device. As time and effort are at a premium in the chip factory, it would be desirable to improve on this solution by reducing the amount of data that has to be loaded onto the IoT device and the number of computations that have to be performed to generate the certificate.
It is therefore the intention of the present disclosure to address the problem of enabling a public key infrastructure and certificate distribution to IoT devices in a decentralized fashion without recourse to a central authority, and without having to pre-load IoT devices with certificates or require extensive computations.